* [PATCH] crypto: mark crc32 checksum as FIPS allowed
@ 2019-01-25 9:31 Milan Broz
2019-01-25 12:52 ` Stephan Mueller
2019-02-01 6:51 ` Herbert Xu
0 siblings, 2 replies; 3+ messages in thread
From: Milan Broz @ 2019-01-25 9:31 UTC (permalink / raw)
To: linux-crypto; +Cc: Milan Broz
The CRC32 is not a cryptographic hash algorithm,
so the FIPS restrictions should not apply to it.
(The CRC32C variant is already allowed.)
This CRC32 variant is used for in dm-crypt legacy TrueCrypt
IV implementation (tcw); detected by cryptsetup test suite
failure in FIPS mode.
Signed-off-by: Milan Broz <gmazyland@gmail.com>
---
crypto/testmgr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 0f684a414acb..82bc0398bbbf 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -2735,6 +2735,7 @@ static const struct alg_test_desc alg_test_descs[] = {
}, {
.alg = "crc32",
.test = alg_test_hash,
+ .fips_allowed = 1,
.suite = {
.hash = __VECS(crc32_tv_template)
}
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] crypto: mark crc32 checksum as FIPS allowed
2019-01-25 9:31 [PATCH] crypto: mark crc32 checksum as FIPS allowed Milan Broz
@ 2019-01-25 12:52 ` Stephan Mueller
2019-02-01 6:51 ` Herbert Xu
1 sibling, 0 replies; 3+ messages in thread
From: Stephan Mueller @ 2019-01-25 12:52 UTC (permalink / raw)
To: Milan Broz; +Cc: linux-crypto
Am Freitag, 25. Januar 2019, 10:31:47 CET schrieb Milan Broz:
Hi Milan,
> The CRC32 is not a cryptographic hash algorithm,
> so the FIPS restrictions should not apply to it.
> (The CRC32C variant is already allowed.)
>
> This CRC32 variant is used for in dm-crypt legacy TrueCrypt
> IV implementation (tcw); detected by cryptsetup test suite
> failure in FIPS mode.
>
> Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Ciao
Stephan
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] crypto: mark crc32 checksum as FIPS allowed
2019-01-25 9:31 [PATCH] crypto: mark crc32 checksum as FIPS allowed Milan Broz
2019-01-25 12:52 ` Stephan Mueller
@ 2019-02-01 6:51 ` Herbert Xu
1 sibling, 0 replies; 3+ messages in thread
From: Herbert Xu @ 2019-02-01 6:51 UTC (permalink / raw)
To: Milan Broz; +Cc: linux-crypto
On Fri, Jan 25, 2019 at 09:31:47AM +0000, Milan Broz wrote:
> The CRC32 is not a cryptographic hash algorithm,
> so the FIPS restrictions should not apply to it.
> (The CRC32C variant is already allowed.)
>
> This CRC32 variant is used for in dm-crypt legacy TrueCrypt
> IV implementation (tcw); detected by cryptsetup test suite
> failure in FIPS mode.
>
> Signed-off-by: Milan Broz <gmazyland@gmail.com>
> ---
> crypto/testmgr.c | 1 +
> 1 file changed, 1 insertion(+)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-02-01 6:51 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-25 9:31 [PATCH] crypto: mark crc32 checksum as FIPS allowed Milan Broz
2019-01-25 12:52 ` Stephan Mueller
2019-02-01 6:51 ` Herbert Xu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.